Hi all,

So I made a slight change: I added "failed_when: audit_tools.stat.mode != '0755'" below the 'register' module and the error message went away. By the way, all the files exist. I changed two files' chmod to 0640 for testing purposes. However, I still get 'Passed' as a result when I run it in --check mode.

On Thursday, December 17, 2020 at 11:31:00 AM UTC-5 [email protected] wrote:

> On 12/17/20 5:05 PM, Roberto Paz wrote:
> > Maybe some of the files are missing in the target. If that's the case, there is no "stat" for that file.
> >
>
> That's not true. If a file is missing you have stat.exists = false in the result.
>
> The problem here is that the stat task is called in a loop, while set_fact is called without a loop.
>
> Regards
> Racke
>
> > Maybe you should add "audit_tools.stat is defined and audit_tools.stat.mode != '0755'"
> >
> > On Wednesday, December 16, 2020 at 17:09:12 UTC-6, [email protected] wrote:
> >
> > Hi all,
> >
> > I'm trying to use the Loop and Stat modules instead of the Shell command with an Ansible playbook.
> > Whenever I run the playbook with --check, I always get the 'Pass' message.
> >
> > The error was: error while evaluating conditional (audit_tools.stat.mode != '0755'): 'dict object' has no attribute 'stat'\n\n
> >
> > I need help.
> >
> > Thanks
> > ===========================================================
> >
> > ---
> >
> > - set_fact:
> >     stig_id: V-219195
> >     stig_text: "FAILED. Audit tools aren't configured with mode of 0755 or less permissive."
> >
> > - local_action: lineinfile regexp='^V-219195' path="{{ output_path }}" state=absent
> >
> > - name: Ensure audit tools have 0755 permissions.
> >   block:
> >     - name: check audit tools permissions.
> >       become: true
> >       stat:
> >         path: "/sbin/{{ audit_loop }}"
> >       loop:
> >         - auditctl
> >         - aureport
> >         - ausearch
> >         - autrace
> >         - auditd
> >         - audispd
> >         - augenrules
> >       loop_control:
> >         loop_var: audit_loop
> >       register: audit_tools
> >
> >     - set_fact:
> >         stig_text: "{{ stig_id }} FAILED. Audit tools don't have 0755 permissions."
> >       when: audit_tools.stat.mode != '0755'
> >
> >     - set_fact:
> >         stig_text: "PASSED"
> >
> >   rescue:
> >
> >     - name: change the audit tools' permissions to 0755.
> >       become: true
> >       file:
> >         path: "/sbin/{{ item.audit_loop }}"
> >         mode: 0755
> >         state: "{{ 'file' if item.stat.exists else 'touch' }}"
> >       loop: "{{ audit_tools.results }}"
> >       register: file_perms_rule
> >
> >     - set_fact:
> >         stig_text: "PASSED"
> >       when: file_perms_rule.changed
> >
> >     - debug:
> >         msg: "{{ stig_id }} {{ stig_text }}"
> >
> >   always:
> >
> >     - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes
> >
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b9ed5516-9af8-4b2c-940f-0c30c54c4f6cn%40googlegroups.com.
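
The point made in the quoted reply (stat runs in a loop, so the registered variable holds one entry per file under `results`, with no top-level `stat` key), shown as an added example that is not part of the original thread. It reuses the file list and `stig_id` from the posted playbook; the `hosts: localhost` play header and the `noncompliant` fact name are assumptions made for illustration.

```yaml
---
# Added example, not from the thread. Assumed: hosts value, 'noncompliant' name.
- name: Check audit tool permissions from a looped stat result
  hosts: localhost
  gather_facts: false
  vars:
    stig_id: V-219195
  tasks:
    - name: Stat each audit tool
      become: true
      stat:
        path: "/sbin/{{ audit_loop }}"
      loop:
        - auditctl
        - aureport
        - ausearch
        - autrace
        - auditd
        - audispd
        - augenrules
      loop_control:
        loop_var: audit_loop
      register: audit_tools

    # audit_tools.stat is undefined after a loop; per-file data lives in
    # audit_tools.results[n].stat. Missing files carry stat.exists = false
    # and no stat.mode, so filter on exists before comparing the mode.
    - name: Collect existing files whose mode is not 0755
      set_fact:
        noncompliant: >-
          {{ audit_tools.results
             | selectattr('stat.exists')
             | rejectattr('stat.mode', 'equalto', '0755')
             | map(attribute='stat.path')
             | list }}

    # Decide the verdict once, from the whole list, so that no later
    # unconditional set_fact overwrites a FAILED result with PASSED.
    - name: Set the STIG result text
      set_fact:
        stig_text: "{{ 'PASSED' if noncompliant | length == 0 else 'FAILED. Audit tools without 0755 permissions: ' ~ noncompliant | join(', ') }}"

    - name: Report the result
      debug:
        msg: "{{ stig_id }} {{ stig_text }}"
```

Both `stat` and `set_fact` run under `--check`, so the reported text reflects the modes actually found on disk in check mode as well.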
